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1 DETAILED ACTION 

2 

3 This action is in response to the communication filed on 12/07/2006. 

4 All objections and rejections not set forth below have been withdrawn. 

5 Claims 1,6-8, 14, and 19-29 are pending. 
6 

7 

8 Claim Rejections • 35 USC §112 

9 

10 The following is a quotation of the second paragraph of 35 U.S.C. 112: 

1 1 The specification shall conclude with one or more claims particularly pointing out and distinctly 

1 2 claiming the subject matter which the applicant regards as his invention. 
13 

14 Claims 1, 6-8, 14, and 19-29 are rejected under 35 U.S.C. 112, second 

1 5 paragraph, as being indefinite for failing to particularly point out and distinctly 

16 claim the subject matter which applicant regards as the invention. 

17 Claim 1, 8, and 14 each recite the limitation "the hardware security module 



18 identifier that is stored with the encrypted tied key". There is insufficient antecedent 

1 9 basis for this limitation in the claim. For the purpose of examination the examiner will 

20 presume the claims to recite "the stored hardware security module and the stored 

21 encrypted tied key". 

22 All depending claims are rejected by virtue of their dependency. 
23 

24 
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1 Claim Rejections - 35 USC § 103 

2 

3 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

4 obviousness rejections set forth in this Office action: 

5 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

6 forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 

7 the prior art are such that the subject matter as a whole would have been obvious at the time the 

8 invention was made to a person having ordinary skill in the art to which said subject matter pertains. 

9 Patentability shall not be negatived by the manner in which the invention was made. 
10 

11 

12 Claims 1, 6 -8, 14, and 19-29 are rejected under 35 U.S.C. 103(a) as being 

1 3 unpatentable over Al-Salqan, "Method and Apparatus for Encoding Keys", U.S. 

14 Patent, 6,549,626 in view of U.S. Department of Commerce (DOC), "Security 

1 5 Requirements for Cryptographic Modules" in view of Hosokawa, "Internet 

16 Broadcast Billing System", U.S. Patent Publication, 2001/0023416 A1 in view of 



1 7 Heer et al. (Heer), "Data Encryption Security Module", U.S. Patent 5,999,629. 
18 

1 9 Regarding claim 1 , Al-Salqan discloses: 

20 receiving, at a security module, a first password corresponding a software 

21 application (Al-Salqan, col. 2, lines 12-28, 49-63; fig. 2, elem. 204). Herein, Al-Salqan 

22 teaches that users may use computers to perform cryptographic applications. For 

23 example, to utilize a cryptographic key, a user may employ an application to provide a 

24 password, derive a key, and perform cryptographic operations upon data such as a file. 

25 The inventive method of Al-Salqan is for facilitating the operation of such application. 
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1 generating, at a security module, a first mask value based on the first password 

2 (Al-Salqan, col. 4, lines 29-46; fig. 2); combining, at a security module, the first mask 

3 value with a first encryption key (Al-Salqan, col. 4, lines 49-52; fig. 2); 

4 encrypting, at the security module, the tied key using a second encryption key 



5 that is associated with the security module, the encrypting resulting in an encrypted tied 

6 key (Al-Salqan, fig. 2). Furthermore, the applicant is kindly reminded of the evidence 

7 submitted by the applicant's representative, admitting to the Prior Art's (Al-Salqan) 

8 teachings ("Prior Art Flow Diagram", Telephonic Interview, 1 1/1 5/05). 

9 Al-Salqan discloses the returning of the encrypted tied key to what is termed the 

10 "user". While, the Applicants themselves also equate a software application to the 

11 "user" (Instant Application, pg. 2, line 19 - pg. 3, line 2), the examiner notes that Al- 

12 Salqan does not explicitly state that a software application is represented by "the user" - 

1 3 hence, returning the encrypted tied key to the software application. 

14 DOC more clearly shows that a user employs a software application to interact 

15 with a security module inside a computer. DOC teaches that a security module 

16 provides cryptographic services to software applications employed by users (iv, #8; pg. 

17 27, sect. 4.6). When a user requests cryptographic services from a security module, the 

18 software application representing the user communicates with the security module using 

19 an application program interface (pg. 14, sect. 4.2; pg. 27, 28, iv). 

20 It would have obvious to recognize the teachings of DOC, that a human employs 

21 a software application to interact with a security module within a computer, along with 

22 the teachings of Al-Salqan. This would have been obvious because one of ordinary skill 
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1 in the art would have been motivated to practically provide a means for a human to 

2 accomplish a cryptographic application in cooperation with a security module inside a 

3 computer. 

4 The combination enables: 

5 sending the encrypted tied key and a second password from the software 

6 application to the security module over a computer network, the second password being 

7 the same as the first password (Al-Salqan, fig. 3, elems. 302,306). Herein, the 

8 combination discloses that the software application transmits the correct password and 

9 a corresponding tied key to the security module. 

1 0 receiving, at the security module, the encrypted tied key and the second 

1 1 password from the software application; in response to receiving the encrypted tied key 

1 2 and the second password, combining, at the security module, the encrypted tied key 

1 3 and the second key, the combining resulting in a recovered tied key (Al-Salqan, fig. 3). 

14 Furthermore, the applicant is kindly reminded of the evidence submitted by the 

15 applicant's representative, admitting to the Prior Art's (Al-Salqan) teachings ("Prior Art 

16 Flow Diagram", Telephonic Interview, 11/15/05). 



1 7 generating a second mask value based on the second password (Al-Salqan, col. 

18 4, lines 29-46; fig. 3). Furthermore, the applicant is kindly reminded of the evidence 

19 submitted by the applicant's representative, admitting to the Prior Art's (Al-Salqan) 

20 teachings ("Prior Art Flow Diagram", Telephonic Interview, 1 1/1 5/05); 

21 separating a recovered encryption key from the recovered tied key using the 

22 second mask value (Al-Salqan, col. 7, lines 45-49; fig. 3). Furthermore, the applicant is 
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1 kindly reminded of the evidence submitted by the applicant's representative, admitting 

2 to the Prior Art's (Al-Salqan) teaching of the recovery of an recovered encryption key 

3 from the recovered tied key ("Prior Art Flow Diagram", Telephonic Interview, 1 1/1 5/05). 

4 and encrypting data provided by the software application using the recovered 

5 generated key (Al-Salqan, Abstract, lines 1-3; col. 1, lines 21-28; col. 2:15-22; col. 3, 

6 lines 52-56; DOC, pg. iv, #8). Herein enabled by the combination, is an application that 

7 takes data and a recovered key, and facilitates the performance of cryptographic 

8 operations such as encryption and decryption. 
9 

10 The combination discloses a system designed to ensure the secrecy of a data 

1 1 encryption key, such as a symmetric key. Secrecy is accomplished by encrypting the 

12 data encryption key. However, though the combination discloses enabling the secrecy 

13 of a symmetric data encryption key, it does not disclose the enabling of the authenticity 

14 of the key. Thus, the combination does not disclose wherein the first "encryption key" is 

1 5 derived from a generated key and a known value the combining resulting a tied key or 

16 that the recovered "encryption key" includes a recovered generated key and a 

1 7 recovered known value. 

1 8 Hosokawa discloses a method for the verification of the authenticity of a data- 

19 encryption key, the method being performed "as a security measure" (Hosokawa, par 

20 37). This "security measure" of ensuring authenticity is additional to the security 

21 measure of ensuring secrecy - encrypting the data encryption key. The method 

22 comprises the creation of a "tied key", or an "encryption key" derived from a generated 
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1 key and a known value (Hosokawa, par. 32, lines 8-12; par. 33, lines 1-5; par. 37, lines 

2 11-13; par. 44, lines 11-18). Hosokawa attaches a "known value", a digital signature, to 

3 generated key, and thereby creates a "tied key". After the "tied key" is decrypted, the 

4 attached digital signature is compared to an authentic digital signature so as to verify 

5 the authenticity of the generated key. If authentic, the generated key is used for 

6 encrypting data. Thus, Hosokawa discloses a method usable to verify the authenticity 

7 of an encryption key, the method ensuring a measure of security. 

8 It would have been obvious to one of ordinary skill in the art to combine the 

9 method of Hosokawa with the system of the combination of Al-Salqan and DOC. This 

10 would have been obvious because one of ordinary skill in the art would have been 

1 1 motivated to enhance the security of the system of combination, by not only enabling 

12 the secrecy of the data encryption key, but also the authentication of the data encryption 

13 key. Thus, a more secure system is provided. 
14 

15 The combination does not appear to explicitly recite the added limitations of 

16 storing, by the software application, the encrypted tied key and a hardware security 

17 module identifier that identifies the security module; determining, by the software 

1 8 application, that the encrypted tied key corresponds to the security module based upon 

1 9 the hardware security module identifier that is stored with the encrypted tied key. 

20 However, Heer discloses that it was already well established for software 

21 applications that employ security modules for security to store encrypted keys along 

22 with a corresponding hardware security module identifier (fig. 1:20; 3:45-61). When the 
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1 need arises to utilize the key, the software application will determine the association of 

2 the encrypted key and the hardware security module identifier. 

3 It would have been obvious to one of ordinary skill in the art to employ the 

4 established teachings of Heer within the combination of Al-Salqan, DOC, and 

5 Hosokawa. This would have been obvious because one of ordinary skill in the art would 

6 have been motivated by the flexibility and added security provided by a system that can 

7 provide a plurality of system users with the safe utilization of encrypted keys via the 

8 cooperation of hardware security modules and facilitating software applications. 
9 



1 0 Regarding claim 6, the combination disclose: 

1 1 determining whether the recovered known value is correct; and processing a 

12 data file based on the determination (Hosokawa, col. 2, pars. 32, 33; Al-Salqan, 

13 Abstract, lines 1-3; col. 7, lines 37-49; col. 3, lines 52-56). 
14 

1 5 Regarding claim 7, the combination disclose: 

1 6 wherein the processing is selected from the group consisting of encrypting the 

1 7 data file using the recovered generated key and decrypting the data file using the 

18 recovered generated key (Al-Salqan, Abstract, lines 1-3; col. 7, lines 37-49; col. 3, lines 

19 52-56). 
20 

21 Regarding claim 22, the combination disclose: 
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1 wherein the generated key is at a level of security corresponding to a sensitivity 

2 level of the data being encrypted (Hosokawa, par. 41). The combination disclose that 

3 the key is appropriately used for securing data, thus the key is at a level of security 

4 suitable for securing sensitive data. 
5 

6 Regarding claims 25 and 28, they are the system means and computer program 

7 product claims implementing the method of claim 22, and they are rejected, at least, for 

8 the same reasons. 
9 

10 Regarding claims 8, 14, 19, and 20, they are the system means and computer 

1 1 program product claims implementing the method of claims 1 , 6, and 7, and they are 

12 rejected, at least, for the same reasons. Further, regarding claim 8 specifically, it is 

13 rejected because the combination disclose: 

14 one or more processors; a memory accessible by the processors; one or more 



1 5 nonvolatile storage devices accessible by the processors; a hardware security module 

1 6 accessible by the processors; a data security tool for securing data using the hardware 

17 security module (Al-Salqan, figs. 1 , 2; col. 3, lines 16-45). 
18 

19 Regarding claims 21 and 23, the combination disclose: 

20 wherein the security module is a separate hardware security module and wherein 

21 encrypting the data is performed within the security module (DOC, pg. 5, lines 4-6; pg. 

22 16, sect. 4.3.2). 
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1 

2 Regarding claims 24, 26, 27, and 29, they are the system means and computer 

3 program product claims implementing the method of claims 21 and 23, and they are 

4 rejected, at least, for the same reasons. 
5 

6 Response to Arguments 

7 

8 Applicant's arguments with respect to claims have been considered but are moot 

9 in view of the new ground(s) of rejection. 
10 

1 1 Conclusion 

12 

13 The prior art made of record and not relied upon is considered pertinent to 

14 applicant's disclosure: 
1 5 

16 See Notice of References Cited. 

17 

18 Applicant's amendment necessitated the new ground(s) of rejection presented in 

19 this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

20 § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 

21 CFR 1.136(a). 
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1 A shortened statutory period for reply to this final action is set to expire THREE 

2 MONTHS from the mailing date of this action. In the event a first reply is filed within 

3 TWO MONTHS of the mailing date of this final action and the advisory action is not 

4 mailed until after the end of the THREE-MONTH shortened statutory period, then the 

5 shortened statutory period will expire on the date the advisory action is mailed, and any 

6 extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the mailing date of 

7 the advisory action. In no event, however, will the statutory period for reply expire later 

8 than SIX MONTHS from the date of this final action. 

9 Any inquiry concerning this communication or earlier communications from the 

1 0 examiner should be directed to Jeffery Williams whose telephone number is (571 ) 272- 

1 1 7965. The examiner can normally be reached on 8:30-5:00. 

12 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

13 supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 

14 number for the organization where this application or proceeding is assigned is 571- 

15 273-8300. 



Application/Control Number: 10/099,779 Page 12 

Art Unit: 2137 

1 Information regarding the status of an application may be obtained from the 

2 Patent Application Information Retrieval (PAIR) system. Status information for 

3 published applications may be obtained from either Private PAIR or Public PAIR. 

4 Status information for unpublished applications is available through Private PAIR only. 

5 For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

6 you have questions on access to the Private PAIR system, contact the Electronic 

7 Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

8 USPTO Customer Service Representative or access to the automated information 

9 system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
10 

11 J.Williams 

12 AU:2137 




